CVE-2019-1859

Published: 03/05/2019 Updated: 13/10/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow a malicious user to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by attempting to connect to the device via SSH. A successful exploit could allow the malicious user to access the configuration as an administrative user if the default credentials are not changed. There are no workarounds available; however, if client-side certificate authentication is enabled, disable it and use strong password authentication. Client-side certificate authentication is disabled by default.

Vulnerable Product

cisco sg200-50 firmware

cisco sg200-50p firmware

cisco sg200-50fp firmware

cisco sg200-26 firmware

cisco sg200-26p firmware

cisco sg200-26fp firmware

cisco sg200-18 firmware

cisco sg200-10fp firmware

cisco sg200-08 firmware

cisco sg200-08p firmware

cisco sf200-24 firmware

cisco sf200-24p firmware

cisco sf200-24fp firmware

cisco sf200-48 firmware

cisco sf200-48p firmware

cisco sf302-08pp firmware

cisco sf302-08mpp firmware

cisco sg300-10pp firmware

cisco sg300-10mpp firmware

cisco sf300-24pp firmware

cisco sf300-48pp firmware

cisco sg300-28pp firmware

cisco sf300-08 firmware

cisco sf300-48p firmware

cisco sg300-10mp firmware

cisco sg300-10p firmware

cisco sg300-10 firmware

cisco sg300-28p firmware

cisco sf300-24p firmware

cisco sf302-08mp firmware

cisco sg300-28 firmware

cisco sf300-48 firmware

cisco sg300-20 firmware

cisco sf302-08p firmware

cisco sg300-52 firmware

cisco sf300-24 firmware

cisco sf302-08 firmware

cisco sf300-24mp firmware

cisco sg300-10sfp firmware

cisco sg300-28mp firmware

cisco sg300-52p firmware

cisco sg300-52mp firmware

cisco sg500-28mpp firmware

cisco sg500-52mp firmware

cisco sg500xg-8f8t firmware

cisco sf500-24 firmware

cisco sf500-24p firmware

cisco sf500-48 firmware

cisco sf500-48p firmware

cisco sg500-28 firmware

cisco sg500-28p firmware

cisco sg500-52 firmware

cisco sg500-52p firmware

cisco sg500x-24 firmware

cisco sg500x-24p firmware

cisco sg500x-48 firmware

cisco sg500x-48p firmware

cisco sg250x-24 firmware

cisco sg250x-24p firmware

cisco sg250x-48 firmware

cisco sg250x-48p firmware

cisco sg250-08 firmware

cisco sg250-08hp firmware

cisco sg250-10p firmware

cisco sg250-18 firmware

cisco sg250-26 firmware

cisco sg250-26hp firmware

cisco sg250-26p firmware

cisco sg250-50 firmware

cisco sg250-50hp firmware

cisco sg250-50p firmware

cisco sf250-24 firmware

cisco sf250-24p firmware

cisco sf250-48 firmware

cisco sf250-48hp firmware

cisco sg350-10 firmware

cisco sg350-10p firmware

cisco sg350-10mp firmware

cisco sg355-10p firmware

cisco sg350-28 firmware

cisco sg350-28p firmware

cisco sg350-28mp firmware

cisco sf350-48 firmware

cisco sf350-48p firmware

cisco sf350-48mp firmware

cisco sg350xg-2f10 firmware

cisco sg350xg-24f firmware

cisco sg350xg-24t firmware

cisco sg350xg-48t firmware

cisco sg350x-24 firmware

cisco sg350x-24p firmware

cisco sg350x-24mp firmware

cisco sg350x-48 firmware

cisco sg350x-48p firmware

cisco sg350x-48mp firmware

cisco sx550x-16ft firmware

cisco sx550x-24ft firmware

cisco sx550x-12f firmware

cisco sx550x-24f firmware

cisco sx550x-24 firmware

cisco sx550x-52 firmware

cisco sg550x-24 firmware

cisco sg550x-24p firmware

cisco sg550x-24mp firmware

cisco sg550x-24mpp firmware

cisco sg550x-48 firmware

cisco sg550x-48p firmware

cisco sg550x-48mp firmware

cisco sf550x-24 firmware

cisco sf550x-24p firmware

cisco sf550x-24mp firmware

cisco sf550x-48 firmware

cisco sf550x-48p firmware

cisco sf550x-48mp firmware

Vendor Advisories

A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches software could allow an attacker to bypass client-side certificate authentication and revert to password authentication. The vulnerability exists because OpenSSH mishandles the authentication process. An attacker could exploit this vulnerability by att ...